
burasicarsi.com redirection malware


  • This topic is locked
2 replies to this topic

#1 macberry


Posted 14 August 2014 - 02:32 PM

Hi. Since yesterday I have had the following problem and it is extended to computers in my office.

 

All I have found are pages in Turkish that mention that it is a problem with the router.

 

I would like your opinion and suggestion on how to remove this malware.

 

I was reading an article in the news that had the word sex in it (talking about doctors' suggestion not to have sex in the water). I opened it, and after loading the article it automatically redirected the page to the following one:

 

http://burasicarsi.com/good.html?mdget

 

I thought it was a problem with the web page, but this news site is a serious one. Investigating, I found out that if I load any page with the words Sexual Video, the page loads and automatically redirects to the mentioned page. For example, if I google "sexual video articles" and it shows articles about celebrities' sexual videos mentioned on abc.com, fox.com and any other serious sites, when opened they automatically redirect to

 

http://burasicarsi.com/good.html?mdget

 

I tested this on 4 other computers in my office and got the same problem.

 

It happened on my mobile device as well, and when I went home it was still happening. I tested the problem on another machine in my home and the redirection didn't occur.

 

However, after midnight I tested again on my mobile phone and the redirection didn't happen. I went back to my office, connected to the wifi network, tried it again, and it redirected to burasicarsi.com

 

I found sites talking about it, like these ones:

http://uzmanim.net/soru/porn-video-oynatici-virusu/7121

 

http://blog.koroglu.web.tr/istanbulda-malware-avciligi

 

http://www.hasandilsiz.com.tr/burasicarsi-com-yonlendirme-virusu-cozumu.html

 

 

 

and even found a video in one Turkish forum that shows exactly what happens.

 

from this forum

http://forum.donanimhaber.com/m_95171913/tm.htm

 

Here is an interesting post regarding this malware:

http://www.turkeycentral.com/topic/20650-is-this-malware/

 

 

Any ideas, suggestions?

 

Running Windows 7 Pro.

The problem happens in Firefox, Chrome, Opera and IE.

Edit: I posted my DDS file info, but since the problem is solved, I just deleted it from the post.


Edited by macberry, 15 August 2014 - 11:27 AM.




#2 macberry


Posted 15 August 2014 - 11:24 AM

I received a direct message from user uzmanimNet, whom I want to thank again for his kind help pointing out the cause of the problem.

 

Here is his message:

-----

I don't have permission to reply to your message, that's why I sent a DM.

You can find details about your problem here : http://www.tp-link.us/article/?id=10706

Best regards,
hakan

------

 

To make the story short, I don't have a TP-Link router, but in my office there is an ADSL from another brand that I assume has the MTK Chip solution explained in the TP-Link article. The ADSL modem is controlled by my ISP.

 

Today the problem is gone on my computer and all computers in my office. So I suspect that the ISP updated the firmware to prevent the problem mentioned in the link above.

 

So, as of today I would say that we are clean. If I get more information I will post it here to help others.

 

Edit: I talked with a high level executive from my ISP and he confirmed to me that they suffered an attack on approximately 5000 chipsets. They all were updated and fixed. His words confirmed all the above.

 

Case solved.


Edited by macberry, 16 August 2014 - 06:18 AM.


#3 nasdaq


Posted 19 August 2014 - 08:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



